Detection Engineering & Sigma Rules
Frameworks: MITRE ATT&CK v16, Sigma Rule Specification (sigmahq.io), Palantir Alerting and Detection Strategy (ADS)
Role: SOC Analyst, Security Engineer
Time: 30-60 min per detection
Output: Sigma detection rule, ADS documentation, ATT&CK coverage mapping
1. When to Use
If a target is provided via arguments, focus the review on: $ARGUMENTS
Invoke this skill when any of the following conditions are met: